Telephone use has heavily increased since the introduction of mobile telephones, which users can utilize, not just in their homes, but in their cars, while walking, at work, and during daily activities. While telephone usage can be casual, such as talking with friends, other usage may require the disclosure of sensitive information, such as when making a purchase over the phone, paying a bill, or providing medical information.
Users may be hesitant to provide the required sensitive information due to concerns that a breach of the sensitive information could occur based on, for example, man-in-the-middle attacks. Telephone lines that are not secure are open to such attacks. Another concern is whether the person to whom the user is providing the sensitive information is trusted or is associated with a trusted party. For example, a user receives a call from his doctor's office asking for personal information, such as mailing address or credit card information to resolve an outstanding bill. When the call is received, the user may be able to determine the telephone number and possibly the owner of the telephone number using caller ID. However, on mobile telephones, the owner of the telephone number only appears if the telephone number is programmed into the phone and the calling party calls from that specific telephone number. Further, the user is unable to determine whether the incoming call is made over a secure connection.
Attempts to secure telephone connections have been made by encrypting voice data transmitted via the call. Yet, notice of the secure connection is not provided to the other party. Conversely, secure Web pages display information informing a user that the Web site is secure and sensitive information will be protected. For instance, Web pages are made secure using Secure Socket Layer (SSL). Using SSL, data transmitted between a Web page and Web servers are encrypted so that the data is not legible or accessible by unauthorized third parties. Users are can identify whether a Web page is secure by looking for a lock icon in a status bar of a Web browser in which the Web page is displayed, locating a site seal provided by a SSL vendor, if present, and the letter “s” listed with a protocol of a uniform resource locator for the Web page.
Cisco Unified IP Phones, of Cisco Systems, Inc., San Jose, Calif., use Cisco Unified Communications Manager to provide security icons to be enabled. The icons indicate whether a call is secure and whether a connected device is trusted. A trusted device includes a Cisco device or a third-party device that has passed Cisco security criteria for trusted connections. A determination as to whether a device is trusted is made when the device is added to a user system. However, the Unified Communications Manager can only be utilized when an individual purchases a particular Cisco telephone. Thus, the Unified Communications Manager fails to address providing connection notifications to a global collection of landline and mobile telephones, and maintaining a log of calls with connection notifications.
Accordingly, a system and method to verify whether a call is secure and to notify users of a status of the call connection is needed to prevent users from fraud and unauthorized disclosure of personal information.